As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
As is known in the art, data associated with an information handling system may be stored on a storage resource, such as, for example, one or more hard disk drives. A type of storage resource becoming more prevalent is a self-encrypting storage resource, sometimes known as a self-encrypting drive. In a self-encrypting storage resource, data stored to the storage resource is encrypted with a media encryption key (MEK) which may also be used to decrypt such data. The MEK itself may also be encrypted with a key encryption key (KEK), which must be provided at powering up of the self-encrypting storage resource in order to unlock the MEK for use. Thus, the MEK is stored in the storage resource, while the KEK can be stored within the information handling system (known as local key management) or externally to the information handling system.
In traditional approaches, a KEK may be stored with a storage controller interfaced with the self-encrypting storage resource. However, this may render the KEK vulnerable for numerous reasons. First, the KEK is not protected by any authentication, which may leave a compromised information handling system susceptible to a malicious attack that gains access to the KEK. Second, a user/administrator of the information handling system may “turn rogue” and compromise the data, either by misappropriating the self-encrypting storage resource's data and the KEK. In addition, current approaches may leave data susceptible to permanent loss in the event of a failure of a storage controller upon which the KEK is stored/maintained.